On 2012/06/29 20:05, sven falempin wrote: > ifconfig bridge0 rule pass in on fxp0 src de:ff:*
wouldn't it be simpler to just allow a mask value to be set, then you don't need to mess with extra flag variables, just mask the MAC address with this value before comparison. > ifconfig bridge0 rule pass in on fxp0 src *:de:ff what use-case do you have for this? matching on the vendor part sort-of makes sense, but I'm at a loss to see anywhere you might want to match the *end* of a MAC address and ignore the start...
